Skip to content

feat(scripts): Add bootstrap-new-client.ps1 for Windows deployment (T-5.4)#99

Closed
obtFusi wants to merge 1 commit into
mainfrom
feature/t-5.4-bootstrap-client
Closed

feat(scripts): Add bootstrap-new-client.ps1 for Windows deployment (T-5.4)#99
obtFusi wants to merge 1 commit into
mainfrom
feature/t-5.4-bootstrap-client

Conversation

@obtFusi
Copy link
Copy Markdown
Collaborator

@obtFusi obtFusi commented Jan 24, 2026
edited
Loading

Summary

  • Complete two-phase bootstrap workflow for Windows clients
  • Phase 1: Setup-Key authentication, tunnel establishment
  • Phase 2: Domain join, NTP sync, cert enrollment, mTLS config
  • Secret redaction in logs (security best practice)
  • Smart Cert Selection for machine certificates

Test plan

  • Run with -WhatIf to verify dry-run
  • Test on Windows VM with actual setup-key
  • Verify DC connectivity test
  • Verify NTP sync with DC
  • Verify domain join
  • Verify cert enrollment trigger

Closes #50

🤖 Generated with Claude Code

Documentation

  • Documentation is not needed

@obtFusi @claude
feat(scripts): Add bootstrap-new-client.ps1 for Windows deployment (T…
1c25953 
…-5.4)

Complete two-phase bootstrap workflow:
- Phase 1: Setup-Key authentication, tunnel establishment
- Phase 2: Domain join, NTP sync, cert enrollment, mTLS config

Features:
- Secret redaction in logs (only last 4 chars of setup-key shown)
- DC discovery via DNS SRV records
- NTP sync before domain join (Kerberos tolerance check)
- Smart Cert Selection for machine certificates
- Comprehensive error handling and logging
- WhatIf support for dry-run testing

Security:
- Setup-Key never logged in full
- DPAPI encryption for config
- Prominent reminder to revoke setup-key after bootstrap

Closes #50

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@github-actions github-actions Bot added the type:feature New feature label Jan 24, 2026
@obtFusi
Copy link
Copy Markdown
Collaborator Author

obtFusi commented Jan 30, 2026

Closing: Superseded by PR #102

PR #102 (Bootstrap Script v2.0) was merged into main on 2026-01-25 and fully replaces this v1.0 script. All functionality from this PR is included in the improved v2.0 version.

@obtFusi obtFusi closed this Jan 30, 2026
@obtFusi obtFusi mentioned this pull request Jan 30, 2026
Closed
14 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

type:feature New feature

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[Task] T-5.4: Deploy: bootstrap-new-client.ps1 Script

1 participant

@obtFusi